[KAFKA-69] Obscure username/password in logs Created: 24/Sep/19 Updated: 28/Oct/23 Resolved: 22/Oct/19 |
|
| Status: | Closed |
| Project: | Kafka Connector |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 0.3 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Seth Payne | Assignee: | Ross Lawley |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Case: | (copied to CRM) | ||||
| Description |
|
At present, username and password details are cleartext in logs. We need to obscure/anonymize this information |
| Comments |
| Comment by Githook User [ 22/Oct/19 ] |
|
Author: {'name': 'Ross Lawley', 'username': 'rozza', 'email': 'ross.lawley@gmail.com'}Message: Ensure configuration does not log
|
| Comment by Ross Lawley [ 09/Oct/19 ] |
|
Kafka's AbstractConfig is logging all the configuration properties. This logging can be disabled easily, but outputting the configuration would help debugging. Custom logging would be required to handle the connection string and not leak the username / password. |